php/sme8/php-5.3.3-CVE-2012-1823.patch


http://git.php.net/?p=php-src.git;a=commitdiff;h=55869a95ab75c0eb99c57201bfeccaef57e0d36d

plus parentheses around getenv() call to avoid gcc warning

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1823

--- php-5.3.3/sapi/cgi/cgi_main.c.cve1823
+++ php-5.3.3/sapi/cgi/cgi_main.c
@@ -70,6 +70,7 @@
 #include "php_main.h"
 #include "fopen_wrappers.h"
 #include "ext/standard/php_standard.h"
+#include "ext/standard/url.h"
 
 #ifdef PHP_WIN32
 # include <io.h>
@@ -1500,6 +1501,9 @@ int main(int argc, char *argv[])
 #ifndef PHP_WIN32
        int status = 0;
 #endif
+       char *query_string;
+       char *decoded_query_string;
+       int skip_getopt = 0;
 
 #if 0 && defined(PHP_DEBUG)
        /* IIS is always making things more difficult.  This allows
@@ -1549,7 +1553,16 @@ int main(int argc, char *argv[])
                }
        }
 
-       while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
+       if((query_string = getenv("QUERY_STRING")) != NULL) {
+               decoded_query_string = strdup(query_string);
+               php_url_decode(decoded_query_string, strlen(decoded_query_string));
+               if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
+                       skip_getopt = 1;
+               }
+               free(decoded_query_string);
+       }
+
+       while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
                switch (c) {
                        case 'c':
                                if (cgi_sapi_module.php_ini_path_override) {
1	slords	1.1.2.1
2			http://git.php.net/?p=php-src.git;a=commitdiff;h=55869a95ab75c0eb99c57201bfeccaef57e0d36d
3
4			plus parentheses around getenv() call to avoid gcc warning
5
6			https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1823
7
8			--- php-5.3.3/sapi/cgi/cgi_main.c.cve1823
9			+++ php-5.3.3/sapi/cgi/cgi_main.c
10			@@ -70,6 +70,7 @@
11			#include "php_main.h"
12			#include "fopen_wrappers.h"
13			#include "ext/standard/php_standard.h"
14			+#include "ext/standard/url.h"
15
16			#ifdef PHP_WIN32
17			# include <io.h>
18			@@ -1500,6 +1501,9 @@ int main(int argc, char *argv[])
19			#ifndef PHP_WIN32
20			int status = 0;
21			#endif
22			+ char *query_string;
23			+ char *decoded_query_string;
24			+ int skip_getopt = 0;
25
26			#if 0 && defined(PHP_DEBUG)
27			/* IIS is always making things more difficult. This allows
28			@@ -1549,7 +1553,16 @@ int main(int argc, char *argv[])
29			}
30			}
31
32			- while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
33			+ if((query_string = getenv("QUERY_STRING")) != NULL) {
34			+ decoded_query_string = strdup(query_string);
35			+ php_url_decode(decoded_query_string, strlen(decoded_query_string));
36			+ if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
37			+ skip_getopt = 1;
38			+ }
39			+ free(decoded_query_string);
40			+ }
41			+
42			+ while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
43			switch (c) {
44			case 'c':
45			if (cgi_sapi_module.php_ini_path_override) {